Appl. No. 09/998,893 PATENT 
Amdt. dated March 30, 2010 

Reply to Office Action of September 18, 2009 and the
Notice of Non-Compliant Amendment mailed March 16, 
2010 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the
application:

Listing of Claims: 

1. (Currently Amended) A method comprising:

receiving at an Identity System a request for a first certificate related action for a 
first user wherein the first certificate related action is selected from a group consisting of a 
certificate enrollment action, a certificate renewal action, and a certificate revocation action; 

retrieving by the Identity System a first workflow for responding to said request 
from a plurality of workflows for responding to requests for certificate related actions, wherein 
each workflow in said plurality of workflows corresponds to a different set of characteristics for 
a user, wherein the first workflow contains a first set of directives and a second workflow in said 
plurality of workflows contains a second set of directives, wherein said first set of directives is 
different from said second set of directives, wherein said first workflow calls for obtaining an 
approval before performing a certificate related action for users having a first user type, wherein 
said second workflow does not call for obtaining an approval before performing a certificate 
related action for users having a second user type, and wherein retrieving the first workflow 
further comprises selecting the first workflow from the plurality of workflows based on the first 
certificate related action and a user type of the first user from a set of characteristics for the first 
user from an identity profile for the first user maintained by the Identity System being the first 
user type; and 

performing said first workflow, wherein performing said first workflow comprises 
retrieving an approval response from an entity associated with the first user and identified in the 
identity profile for the first user and obtaining a certificate and a real time status for the 
certificate from a certificate authority based on the approval response; and

storing the certificate and said real time status in the Identity System, wherein the
certificate authority is external to the Identity System.

2.-6. (Canceled) 

7. (Previously Presented) The method of claim 1, further comprising: 
receiving said plurality of workflows. 

8. (Canceled) 

9. (Previously Presented) The method of claim 1, further comprising: 
receiving a second request for a second certificate related action for a second user
wherein the second certificate related action is selected from a group consisting of a certificate
enrollment action, a certificate renewal action, and a certificate revocation action; 

retrieving the second workflow for responding to said second request from said 
plurality of workflows, wherein retrieving the second workflow further comprises selecting the 
second workflow from the plurality of workflows based on the second certificate related action a 
user type of the second user from a set of characteristics for the second user from an identity 
profile for the second user maintained by the Identity System being the second user type; and 

performing said second workflow, wherein performing said second workflow
comprises:

obtaining a second certificate without retrieving an approval response. 

10. (Previously Presented) The method of claim 9, wherein said first 
certificate related action is a certificate enrollment action and said second certificate related 
action is a certificate enrollment action. 

11. (Previously Presented) The method of claim 9, wherein said first
certificate related action is a certificate renewal action and said second certificate related action
is a certificate renewal action.

12. (Previously Presented) The method of claim 1, further comprising:
performing said first workflow, wherein said first certificate related action is a
certificate enrollment action and wherein performing said first workflow comprises:

obtaining a certificate, wherein obtaining the certificate comprises 
authenticating said first user; 

forwarding said request to a Certificate Processing Server; 
receiving said certificate; and 
storing said certificate. 

13. (Previously Presented) The method of claim 1, further comprising: 
performing said first workflow, wherein said first certificate related action is a
certificate renewal action and wherein performing said first workflow comprises:

obtaining a certificate renewal, wherein obtaining the certificate renewal
comprises:

authenticating said first user; 

forwarding said request to a Certificate Processing Server; 
receiving a certificate renewal acknowledgement. 

14. (Previously Presented) The method of claim 1, further comprising: 
performing said first workflow, wherein said first certificate related action is a
certificate revocation action and wherein performing said first workflow comprises:

revoking a certificate, wherein revoking the certificate comprises: 
authenticating said first user; and 

forwarding said request to a Certificate Processing Server. 

15. (Canceled) 

16. (Currently Amended) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method
comprising: 

receiving at an Identity System a request for a first certificate related action for a 
first user wherein the first certificate related action is selected from a group consisting of a 
certificate enrollment action, a certificate renewal action, and a certificate revocation action; 

retrieving by the Identity System a first workflow for responding to said request 
from a plurality of workflows for responding to requests for certificate related actions, wherein 
each workflow in said plurality of workflows corresponds to a different set of characteristics for 
a user, wherein the first workflow contains a first set of directives and a second workflow in said 
plurality of workflows contains a second set of directives, wherein said first set of directives is 
different from said second set of directives, wherein said first workflow calls for obtaining an 
approval before performing a certificate related action for users having a first user type, wherein 
said second workflow does not call for obtaining an approval before performing a certificate 
related action for users having a second user type, and wherein retrieving the first workflow 
further comprises selecting the first workflow from the plurality of workflows based on the first 
certificate related action and a user type of the first user from a set of characteristics for the first 
user from an identity profile for the first user maintained by the Identity System being the first 
user type; and 

performing said first workflow, wherein performing said first workflow comprises 
retrieving an approval response from an entity associated with the first user and identified in the 
identity profile for the first user and obtaining a certificate and a real time status for the 
certificate from a certificate authority based on the approval response; and

storing the certificate and said real time status in the Identity System, wherein the
certificate authority is external to the Identity System.

17.-19. (Canceled)

20. (Previously Presented) One or more processor readable storage devices
according to claim 16, wherein said method further comprises:

receiving said plurality of workflows. 

21. (Previously Presented) One or more processor readable storage devices
according to claim 16, wherein said method further comprises: 

receiving a second request for a second certificate related action for a second user 
wherein the second certificate related action is selected from a group consisting of a certificate 
enrollment action, a certificate renewal action, and a certificate revocation action; 

retrieving the second workflow for responding to said second request from said 
plurality of workflows, wherein retrieving the second workflow further comprises selecting the 
second workflow from the plurality of workflows based on the second certificate related action a 
user type of the second user from a set of characteristics for the second user from an identity 
profile for the second user maintained by the Identity System being the second user type; and 

performing said second workflow, wherein performing said second workflow
comprises:

obtaining a second certificate without retrieving an approval response. 

22. (Previously Presented) One or more processor readable storage devices 
according to claim 21, wherein said first certificate related action is a certificate enrollment 
action and said second certificate related action is a certificate enrollment action. 

23. (Previously Presented) One or more processor readable storage devices 
according to claim 16, wherein said method further comprises: 

performing said first workflow, wherein said first certificate related action is a 
certificate enrollment action and wherein performing said first workflow comprises: 

obtaining a certificate, wherein obtaining the certificate comprises: 
authenticating said first user; 

forwarding said request to a Certificate Processing Server; 
receiving said certificate; and
storing said certificate. 

24. (Previously Presented) One or more processor readable storage devices 
according to claim 16, wherein said method further comprises: 

performing said first workflow, wherein said first certificate related action is a 
certificate renewal action and wherein performing said first workflow comprises: 

obtaining a certificate, wherein obtaining the certificate comprises 
authenticating said first user; 

forwarding said request to a Certificate Processing Server; and 
receiving a certificate renewal acknowledgement. 

25. (Previously Presented) One or more processor readable storage devices 
according to claim 16, wherein said method further comprises: 

performing said first workflow, wherein said first certificate related action is a 
certificate revocation action and wherein performing said first workflow comprises: 

revoking a certificate, wherein revoking the certificate comprises: 
authenticating said first user; and 

forwarding said request to a Certificate Processing Server. 

26. (Canceled) 

27. (Currently Amended) An apparatus comprising: 
one or more communications interfaces; 

one or more storage devices; and 

one or more processors in communication with said one or more storage devices 
and said one or more communication interfaces, said one or more processors perform a method 
comprising:

receiving at an Identity System a request for a first certificate related action for a
first user wherein the first certificate related action is selected from a group consisting of a 
certificate enrollment action, a certificate renewal action, and a certificate revocation action; 

retrieving by the Identity System a first workflow for responding to said request 
from a plurality of workflows for responding to requests for certificate related actions, wherein 
each workflow in said plurality of workflows corresponds to a different set of characteristics for 
a user, wherein the first workflow contains a first set of directives and a second workflow in said 
plurality of workflows contains a second set of directives, wherein said first set of directives is 
different from said second set of directives, wherein said first workflow calls for obtaining an 
approval before performing a certificate related action for users having a first user type, wherein 
said second workflow does not call for obtaining an approval before performing a certificate 
related action for users having a second user type, and wherein retrieving the first workflow 
further comprises selecting the first workflow from the plurality of workflows based on the first 
certificate related action and a user type of the first user from a set of characteristics for the first 
user from an identity profile for the first user maintained by the Identity System being the first 
user type; and 

performing said first workflow, wherein performing said first workflow comprises 
retrieving an approval response from an entity associated with the first user and identified in the 
identity profile for the first user and obtaining a certificate and a real time status for the 
certificate from a certificate authority based on the approval response; and

storing the certificate and said real time status in the Identity System, wherein the
certificate authority is external to the Identity System.

28.-30. (Canceled) 

31. (Previously Presented) The apparatus of claim 27, wherein said method
further comprises: 

receiving said plurality of workflows.

32. (Previously Presented) The apparatus of claim 27, wherein said method
further comprises: 

receiving a second request for a second certificate related action for a second user 
wherein the second certificate related action is selected from a group consisting of a certificate 
enrollment action, a certificate renewal action, and a certificate revocation action; 

retrieving the second workflow for responding to said second request from said 
plurality of workflows, wherein retrieving the second workflow further comprises selecting the 
second workflow from the plurality of workflows based on the second certificate related action a 
user type of the second user from a set of characteristics for the second user from an identity 
profile for the second user maintained by the Identity System being the second user type; and 

performing said second workflow, wherein performing said second workflow
comprises:

obtaining a second certificate without retrieving an approval response. 

33. (Previously Presented) The apparatus of claim 32, wherein said first 
certificate related action is a certificate enrollment action and said second certificate related 
action is a certificate enrollment action. 

34. (Previously Presented) The apparatus of claim 27, wherein said method 
further comprises: 

performing said first workflow, wherein said first certificate related action is a 
certificate enrollment action and wherein performing said first workflow comprises: 

obtaining a certificate, wherein obtaining the certificate comprises: 
authenticating said first user; 

forwarding said request to a Certificate Processing Server; 
receiving said certificate; and 
storing said certificate.

35. (Previously Presented) The apparatus of claim 27, wherein said method
further comprises: 

performing said first workflow, wherein said first certificate related action is a 
certificate renewal action and wherein performing said first workflow comprises: 

obtaining a certificate, wherein obtaining the certificate comprises: 
authenticating said first user; 

forwarding said request to a Certificate Processing Server; and 
receiving a certificate renewal acknowledgement. 

36. (Previously Presented) The apparatus of claim 27, wherein said method 
further comprises: 

performing said first workflow, wherein said first certificate related action is a 
certificate revocation action and wherein performing said first workflow comprises: 

revoking a certificate, wherein revoking the certificate comprises: 
authenticating said first user; and 

forwarding said request to a Certificate Processing Server. 

37. (Canceled) 

38. (Currently Amended) A method comprising: 

receiving a first request for a first certificate related action for a first user; 
retrieving a first workflow for responding to said first request from a plurality of
workflows,

wherein each workflow in said plurality of workflows corresponds to a 
different set of characteristics for a user, 

wherein said first workflow calls for obtaining an approval before 
performing a certificate related action for users having a first user type,

wherein a second workflow of the plurality of workflows does not call for
obtaining an approval before performing a certificate related action for users having a second 
user type, and 

wherein retrieving the first workflow for responding to said first request 
further comprises selecting the first workflow from the plurality of workflows based on the first 
certificate related action and a user type of the first user being the first user type; 

performing said first workflow, wherein performing said first workflow comprises 
retrieving an approval response from an entity associated with the first user and obtaining a first 
certificate and a real time status for the first certificate from a certificate authority based on the 
approval response;

storing the first certificate and said real time status for the first certificate in the 
Identity System, wherein the certificate authority is external to the Identity System; 

receiving a second request for a second certificate related action for a second user; 

retrieving said second workflow for responding to said second request from said 
plurality of workflows, wherein retrieving the second workflow for responding to said second 
request further comprises selecting the second workflow from the plurality of workflows based 
on the second certificate related action and a user type of the second user being the second user 
type; and 

performing said second workflow, wherein performing said second workflow 
comprises obtaining a second certificate and a real time status for the second certificate from the 
certificate authority without retrieving an approval response; and 

storing the second certificate and said real time status for the second certificate in 
the Identity System.

39. (Previously Presented) The method of claim 38, further comprising: 
receiving said plurality of workflows. 

40. (Canceled)

41. (Previously Presented) The method of claim 38, wherein said first
certificate related action and said second certificate related action call for the same certificate 
related action. 

42. (Previously Presented) The method of claim 38, wherein receiving the 
first request, retrieving the first workflow, performing the first workflow, receiving the second 
request, retrieving the second workflow, and performing the second workflow are performed by 
an Identity System in communication with an Access System. 

43. (Currently Amended) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method 
comprising: 

receiving a first request for a first certificate related action for a first user; 
retrieving a first workflow for responding to said first request from a plurality of
workflows,

wherein each workflow in said plurality of workflows corresponds to a 
different set of characteristics for a user, 

wherein said first workflow calls for obtaining an approval before 
performing a certificate related action for users having a first user type, 

wherein a second workflow of the plurality of workflows does not call for 
obtaining an approval before performing a certificate related action for users having a second 
user type, and 

wherein retrieving the first workflow for responding to said first request 
further comprises selecting the first workflow from the plurality of workflows based on the first 
certificate related action and a user type of the first user being the first user type; 

performing said first workflow, wherein performing said first workflow comprises 
retrieving an approval response from an entity associated with the first user and obtaining a first 
certificate and a real time status for the first certificate from a certificate authority based on the
approval response;

storing the first certificate and said real time status for the first certificate in the 
Identity System, wherein the certificate authority is external to the Identity System; 

receiving a second request for a second certificate related action for a second user; 

retrieving said second workflow for responding to said second request from said 
plurality of workflows, wherein retrieving the second workflow for responding to said second 
request further comprises selecting the second workflow from the plurality of workflows based 
on the second certificate related action and a user type of the second user being the second user 
type; and 

performing said second workflow, wherein performing said second workflow 
comprises obtaining a second certificate and a real time status for the second certificate from the 
certificate authority without retrieving an approval response; and

storing the second certificate and said real time status for the second certificate in 
the Identity System.

44. (Previously Presented) One or more processor readable storage devices 
according to claim 43, wherein said method further comprises: 
receiving said plurality of workflows. 



45. (Canceled) 

46. (Previously Presented) One or more processor readable storage devices 
according to claim 43, wherein said first certificate related action and said second certificate 
related action call for the same certificate related action. 

47. (Previously Presented) One or more processor readable storage devices 
according to claim 43, wherein receiving the first request, retrieving the first workflow, 
performing the first workflow, receiving the second request, retrieving the second workflow, and 
performing the second workflow are performed by an Identity System in communication with an
Access System. 

48. (Currently Amended) An apparatus comprising: 
one or more communications interfaces; 
one or more storage devices; and 

one or more processors in communication with said one or more storage devices 
and said one or more communication interfaces, said one or more processors perform a method 
comprising: 

receiving a first request for a first certificate related action for a first user; 
retrieving a first workflow for responding to said first request from a plurality of
workflows,

wherein each workflow in said plurality of workflows corresponds to a 
different set of characteristics for a user, 

wherein said first workflow calls for obtaining an approval before 
performing a certificate related action for users having a first user type, 

wherein a second workflow of the plurality of workflows does not call for 
obtaining an approval before performing a certificate related action for users having a second 
user type, and 

wherein retrieving the first workflow for responding to said first request 
further comprises selecting the first workflow from the plurality of workflows based on the first 
certificate related action and a user type of the first user being the first user type; 

performing said first workflow, wherein performing said first workflow comprises 
retrieving an approval response from an entity associated with the first user and obtaining a first 
certificate and a real time status for the first certificate from a certificate authority based on the 
approval response;

storing the first certificate and said real time status for the first certificate in the 
Identity System, wherein the certificate authority is external to the Identity System;

receiving a second request for a second certificate related action for a second user;

retrieving said second workflow for responding to said second request from said 
plurality of workflows, wherein retrieving the second workflow for responding to said second 
request further comprises selecting the second workflow from the plurality of workflows based 
on the second certificate related action and a user type of the second user being the second user 
type; and 

performing said second workflow, wherein performing said second workflow 
comprises obtaining a second certificate and a real time status for the second certificate from the 
certificate authority without retrieving an approval response; and

storing the second certificate and said real time status for the second certificate in 
the Identity System.

49. (Previously Presented) The apparatus of claim 48, wherein said method 
further comprises: 

receiving said plurality of workflows. 

50. (Canceled) 

51. (Previously Presented) The apparatus of claim 48, wherein said first
certificate related action and said second certificate related action call for the same certificate 
related action. 

52. (Previously Presented) The apparatus of claim 48, wherein receiving the 
first request, retrieving the first workflow, performing the first workflow, receiving the second 
request, retrieving the second workflow, and performing the second workflow are performed by 
an Identity System in communication with an Access System.

53. (Previously Presented) The method of claim 1, wherein obtaining an
approval response comprises applying a Lightweight Directory Access Protocol (LDAP) filter to 
attributes of the identity profile for the first user. 

54. (Previously Presented) The method of claim 9, wherein the entity 
associated with the first user comprises a third user. 

Please add the following new claims: 

55. (New) The method of claim 1, further comprising: 

storing validation information for said certificate in the Identity System, wherein 
said validation information includes an identifier of a time said real time status was retrieved and 
a validation interval for said real time status; 

receiving at the Identity System a request to export the certificate; 

determining with the Identity System whether to check a status for said certificate, 
wherein determining whether to check the status for the certificate comprises querying a 
parameter field in the Identity System; and 

in response to determining to check the status for said certificate, determining 
with the Identity System whether to check the status for the certificate in real time, wherein 
determining whether to check the status for the certificate in real time comprises querying a 
parameter field in the Identity System. 

56. (New) The one or more processor readable storage devices of claim 16, 
wherein the method further comprises: 

storing validation information for said certificate in the Identity System, wherein 
said validation information includes an identifier of a time said real time status was retrieved and 
a validation interval for said real time status; 

receiving at the Identity System a request to export the certificate;

determining with the Identity System whether to check a status for said certificate,
wherein determining whether to check the status for the certificate comprises querying a 
parameter field in the Identity System; and 

in response to determining to check the status for said certificate, determining 
with the Identity System whether to check the status for the certificate in real 
time, wherein determining whether to check the status for the certificate in real 
time comprises querying a parameter field in the Identity System. 



57. (New) The apparatus of claim 27, wherein said method further comprises: 

storing validation information for said certificate in the Identity System, wherein 
said validation information includes an identifier of a time said real time status was retrieved and 
a validation interval for said real time status; 

receiving at the Identity System a request to export the certificate; 

determining with the Identity System whether to check a status for said certificate, 
wherein determining whether to check the status for the certificate comprises querying a 
parameter field in the Identity System; and 

in response to determining to check the status for said certificate, determining 
with the Identity System whether to check the status for the certificate in real time, wherein 
determining whether to check the status for the certificate in real time comprises querying a 
parameter field in the Identity System. 
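
The selection, approval and export-time status logic recited in claims 1, 9 and 55, sketched as an added illustration that is not part of the filing or of any product it describes. The user types ("contractor", "employee"), the `approver` profile field, the parameter-field names, the stub certificate authority and the choice to refuse export when a stored status is older than its validation interval are all assumptions made for the example.

```python
from dataclasses import dataclass, field

ACTIONS = {"enroll", "renew", "revoke"}  # the three actions the claims name


class StubCA:
    """Stand-in for the external certificate authority (constructed)."""

    def __init__(self):
        self.revoked = set()

    def issue(self, user):
        # Returns the certificate together with its real time status.
        return f"CERT-{user}", "good"

    def status(self, cert):
        return "revoked" if cert in self.revoked else "good"


@dataclass
class IdentitySystem:
    profiles: dict   # user -> {"user_type": ..., "approver": ...}
    workflows: dict  # (action, user_type) -> {"requires_approval": bool}
    params: dict     # parameter fields queried at export time (hypothetical names)
    ca: StubCA = field(default_factory=StubCA)
    store: dict = field(default_factory=dict)

    def select_workflow(self, action, user):
        # Selection is keyed on the requested action and the user type
        # taken from the identity profile; an unmapped pair fails closed.
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        key = (action, self.profiles[user]["user_type"])
        if key not in self.workflows:
            raise LookupError(f"no workflow for {key}")
        return self.workflows[key]

    def enroll(self, user, approvals, now):
        wf = self.select_workflow("enroll", user)
        if wf["requires_approval"]:
            # The approver is the entity named in the user's own profile.
            approver = self.profiles[user]["approver"]
            if approvals.get((approver, user)) is not True:
                return "denied"  # no CA call, nothing stored
        cert, status = self.ca.issue(user)
        self.store[user] = {
            "cert": cert,
            "status": status,
            "checked_at": now,  # time the real time status was retrieved
            "valid_for": self.params["validation_interval"],
        }
        return "issued"

    def export(self, user, now):
        rec = self.store[user]
        if self.params["check_status"]:        # first parameter field
            if self.params["check_real_time"]:  # second parameter field
                rec["status"] = self.ca.status(rec["cert"])
                rec["checked_at"] = now
            elif now - rec["checked_at"] > rec["valid_for"]:
                # Assumption: a stale stored status blocks the export.
                raise TimeoutError("stored status older than validation interval")
            if rec["status"] != "good":
                raise PermissionError("certificate is not in good standing")
        return rec["cert"]


def demo_system(check_real_time=True):
    """Constructed sample data: one user of each type."""
    return IdentitySystem(
        profiles={
            "alice": {"user_type": "contractor", "approver": "carol"},
            "bob": {"user_type": "employee", "approver": None},
        },
        workflows={
            ("enroll", "contractor"): {"requires_approval": True},
            ("enroll", "employee"): {"requires_approval": False},
        },
        params={
            "check_status": True,
            "check_real_time": check_real_time,
            "validation_interval": 3600,  # seconds
        },
    )
```

Times are passed in as plain integers (seconds) so the freshness check is deterministic.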